RHEL 4 : redhat-release (EOL Notice) (RHSA-2011:0259)

high Nessus Plugin ID 63971

Synopsis

The remote Red Hat host is missing a security update.

Description

The flash-plugin package on Red Hat Enterprise Linux 4 contains multiple security flaws and should no longer be used. This is the 1-month notification of Red Hat's plans to disable Adobe Flash Player 9 on Red Hat Enterprise Linux 4.

The Red Hat Security Response Team has rated this update as having critical security impact.

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.

Adobe Flash Player 9 is vulnerable to critical security flaws and should no longer be used. A remote attacker could use these flaws to execute arbitrary code with the privileges of the user running Flash Player 9. (CVE-2011-0558, CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-2011-0572, CVE-2011-0573, CVE-2011-0574, CVE-2011-0575, CVE-2011-0577, CVE-2011-0578, CVE-2011-0607, CVE-2011-0608)

Adobe is no longer providing security updates for Adobe Flash Player 9, and is not providing a replacement Flash Player version compatible with Red Hat Enterprise Linux 4.

In one month Red Hat plans to release an update for the flash-plugin package that will prevent it from functioning. User wishing to continue using Flash Player 9, despite the vulnerabilities, can add the flash-plugin package to the up2date skip list. Refer to the following Red Hat Knowledgebase article for instructions on adding a package to the up2date skip list:
https://access.redhat.com/kb/docs/DOC-1639

Solution

Update the affected flash-plugin package.

See Also

https://access.redhat.com/kb/docs/DOC-1639

http://rhn.redhat.com/errata/RHSA-2011-0259.html

http://kb2.adobe.com/cps/406/kb406791.html

Plugin Details

Severity: High

ID: 63971

File Name: redhat-RHSA-2011-0259.nasl

Version: 1.13

Type: local

Agent: unix

Published: 1/24/2013

Updated: 1/14/2021

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.0

CVSS v2

Risk Factor: High

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:redhat:enterprise_linux:4.8, cpe:/o:redhat:enterprise_linux:4, p-cpe:/a:redhat:enterprise_linux:flash-plugin

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2/15/2011

Reference Information

CVE: CVE-2011-0558, CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-2011-0572, CVE-2011-0573, CVE-2011-0574, CVE-2011-0575, CVE-2011-0577, CVE-2011-0578, CVE-2011-0607, CVE-2011-0608

RHSA: 2011:0259